Author Topic: What does avast! scan after boot and why? [Outpost Pro causes excessive access]  (Read 30085 times)

0 Members and 1 Guest are viewing this topic.

Offline Vlk

  • Avast CEO
  • Serious Graphoman
  • *
  • Posts: 11658
  • Please don't send me IM's. Email only. Thx.
    • ALWIL Software
Re: What does avast! scan after boot and why?
« Reply #15 on: June 07, 2005, 07:40:29 PM »
I recommend Filemon http://www.sysinternals.com/Utilities/Filemon.html to find out which process is opening which files.
If at first you don't succeed, then skydiving's not for you.

Hopismum

  • Guest
Re: What does avast! scan after boot and why?
« Reply #16 on: June 07, 2005, 07:48:23 PM »
Files scanned = 173
OS Type = Windows XP Home
Firewall = Segate 5.6

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88895
  • No support PMs thanks
Re: What does avast! scan after boot and why?
« Reply #17 on: June 07, 2005, 07:49:48 PM »
I have it, but have never used it, not to mention getting it to run on/immediately after boot before things get taken over before avast starts scanning the accessed files effectively stopping any launched programs (filemon, etc.)

I will try to have it run on startup or create a shortcut and start it as soon as possible.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88895
  • No support PMs thanks
Re: What does avast! scan after boot and why?
« Reply #18 on: June 07, 2005, 09:46:38 PM »
Well I added filemon.exe to the startup group, it seemed to take ages to load after boot but it did and I left it running until the avast icon stopped and I saved the log and closed filemon.

It was running for about 1-2 minutes and is 1.5MB in size with 13,692 lines phew. Well it didn't start getting interesting or displaying anything useful until about line 3000+ Then there were references by explorer.exe to Explorer.EXE accessing C:\Documents and Settings\All Users\Start Menu\Programs\

The main program/files that feature in the log are:

explorer.exe
ashServ.exe
csrss.exe
Outpost.exe
SnagIt32.exe
procguard.exe (free)
sgmain - SpywareGuard
sgbhp.exe - ditto
TSCHelp.exe
wuauclt.exe
svchost.exe


There really is too much to post here and to me there was little that I could interpret as the cause for the high number of files being scanned. I couldn't understand why they would be scanned as they are not startup programs and it would appear that ashserv.exe is scanning followed by explorer.exe is accessing them. This is obviously avast intercepting the open followed by allowing it if clean. However, I can't find anything that appears to be the originating request/call to explorer.exe to open the files.

The only possible assumption after the information overload of the filemon.log and no apparent reason to access or scan many of these files is; could some of these .exe files that are being scanned come from the fact that the icon is being extracted from the programs .exe file to display in the Start, All Programs Menu and their sub menus since icons are displayed in the lists?

I will happily send you the filemon.log 7zipped and more detailed info if you think it may help to get to the bottom of this?
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Anderson2

  • Guest
Re: What does avast! scan after boot and why?
« Reply #19 on: June 10, 2005, 05:14:07 AM »
(could you pls turn scanning notification on - that yellow/blue rectangle under clock? then it could tell you more...).

I have Avast4.  Where do you turn the scanning notification on?  I can find no yellow/blue rectangle anywhere.  How do you get to it?

Thanks.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
Re: What does avast! scan after boot and why?
« Reply #20 on: June 10, 2005, 01:31:43 PM »
I have Avast4.  Where do you turn the scanning notification on?  I can find no yellow/blue rectangle anywhere.  How do you get to it?
Go to Standard Shield provider settings (left click the 'a' blue icon).
Choose Customize and go to the Advanced tab.
Check 'Show detailed information on action performed'  ;)
You can customize all this notification: color, size, number, font, etc... Click 'Settings' in my signature and browse the avast4.ini file thread  8)
The best things in life are free.

Anderson2

  • Guest
Re: What does avast! scan after boot and why?
« Reply #21 on: June 10, 2005, 05:12:11 PM »
Thank you.  I'll work on it.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88895
  • No support PMs thanks
Re: What does avast! scan after boot and why?
« Reply #22 on: June 14, 2005, 12:15:33 AM »
Bump - any more suggestions or solutions?
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline Vlk

  • Avast CEO
  • Serious Graphoman
  • *
  • Posts: 11658
  • Please don't send me IM's. Email only. Thx.
    • ALWIL Software
Re: What does avast! scan after boot and why?
« Reply #23 on: June 14, 2005, 04:27:56 PM »
I had a look at the logs, but unfortunately, I'm unable to pinpoint a single cause. A number of programs is starting (Outpost, ProcessGuard, SnagIt etc..) and all of them generate some file system activity...
If at first you don't succeed, then skydiving's not for you.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
Re: What does avast! scan after boot and why?
« Reply #24 on: June 14, 2005, 05:54:52 PM »
I bet on ProcessGuard... Brings a lot of trouble, more than solution and protection.
Disabling the firewall and boot could tell us if the problem is the interaction between Outpost and avast.
The best things in life are free.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88895
  • No support PMs thanks
Re: What does avast! scan after boot and why?
« Reply #25 on: June 15, 2005, 12:46:09 AM »
OK, I have done a number of further tests, disabling startup programs, rebooting and checking the Standard Shield scanned total after boot.

Disabled ProcessGuard Free    Reboot    Scanned Total: 803
Disabled SnagIt7    Reboot    Scanned Total: 829
Disabled Outpost Pro    Reboot    Scanned Total: 833
No changes to maintain a stable registry and reboot Scanned Total: 783

So even after disabling the three programs (startup entries) mentioned there is no noticeable difference, certainly not one that would account for the excessive scanned total after boot.

Disabled SpywareGuard    Reboot    Scanned Total: 777 again no negligible difference.

Checked Windows Services and found ProcessGuard and Outpost still had services enabled on Automatic. Ended the processes, changed to Disabled and rebooted - Scanned Total 303.

Enabled Outpost Services on Auto and enabled Outpost Startup item and reboot - Scanned Total 803, bingo it looks like I have found the culprit Outpost.exe. I have no idea what or why Outpost should access a large number of files on the HDD. I have looked into the various settings in Outpost but can find nothing that may cause this.

Now what to do about it as I think it essential to have Outpost run on boot, otherwise I would have to manually start the outpost service and the startup entry. With Outpost completely disabled the scan in the low 300s reduces the time the avast icon spins. If I start Outpost the scan count jumps by 450-500, but this only takes a few seconds, the additional files that are being scanned after boot take considerably longer.

I had filemon enabled as a startup item so I have filtered occurance of outpost.exe, but that doesn't tell me much but it keeps accessing op_data.mdb. It may be possible that the contents of this file are accessing the files to check for changed content? I don't know I have no way of opening the .mdb file other than with a text editor and that returns little useful (to me) information.

Do any of the Alwil test systems run Outpost Pro and do they suffer this increased scan activity?

Any further information/suggestions, perhaps excluding outpost.exe and or op_data.mdb in avast4.ini (but where)?
« Last Edit: June 15, 2005, 12:47:55 AM by DavidR »
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 48523
  • 64 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: What does avast! scan after boot and why?
« Reply #26 on: June 15, 2005, 01:11:10 AM »
I'm failry certain that ZA acts the same way and if it does, can provisions for those of us that use ZA also be made if
you find an answer for by-passing the Outpost startup scanning problem? Thanks
Free Security Seminar: https://bit.ly/bobg2023  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 11 Pro v22H2 64bit, 16 Gig Ram, 1TB SSD, Avast Free 23.5.6066, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq -- My Online Activity https://bit.ly/BobGInternet

BanziBaby

  • Guest
Re: What does avast! scan after boot and why?
« Reply #27 on: June 15, 2005, 01:57:21 AM »
Hi DavidR :)

The op_data.mdb is outposts log file (if enable logging is ticked)

U can safely exclude the file in Avast, i do along with the op_data.ldb with no ill effects & a slight boost in boot & loadin time :)

If U always have snagit runnin at boot then that will slow things down (not sure if U have it runnin constant or just for testin)

I also exclude processguard's logfiles as they can be written to many times during boot.

HTH

BaNzI ;D

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
Re: What does avast! scan after boot and why?
« Reply #28 on: June 15, 2005, 02:51:31 AM »
Sorry if I'm a little off-topic but, does anybody know how to configure Windows to start like Linux: the command lines, what is happening, etc. and not the logo? I want to know what is happening behind the logo and the progress bar but I can't... Maybe we can know by this way what is loading, into the logon screen could be the same  :-\
The best things in life are free.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88895
  • No support PMs thanks
Re: What does avast! scan after boot and why?
« Reply #29 on: June 15, 2005, 03:05:58 PM »
@BanziBaby

OK I have added op_data.?db to the program settings, exclusions, the wildcard '?' does catch both files (I tested it using an on-demand folder scan); let's see if it has any effect on boot.

As you can see from my above post disabling SnagIt at start-up had no real effect on the scanned totals. I use it extensively, but I suppose I could start it after boot; I will have to check that out.

I have decided to uninstall ProcessGuard free, as it only protects one process and I think that it was Vlk who said it didn't provide the protection we think if the infection was able to disable processes it could do much more and saving 1 process would be ineffectual.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security